Mandatory 2 – Factor Aadhaar Authentication for CRA System Access w.e.f. 1st April 2024: PFRDA
Mandatory 2 – Factor Aadhaar Authentication for CRA System Access w.e.f. 1st April 2024: PFRDA Circular dated 15.03.2024
PFRDA
PENSION FUND REGULATORY AND DEVELOPMENT AUTHORITY
Circular
Circular No: PFRDA/2024/06/Sup-CRA/03
15th Mar 2024
To
All NPS Stake Holders
Subject: Mandatory 2 – Factor Aadhaar Authentication for CRA System Access w.e.f. 1st April 2024
Government and Corporate Nodal offices, including PrAO/DTA/PAO/DTO/DDO, are granted with access to the Central Recordkeeping Agency (CRA) system for conducting National Pension System (NPS) related tasks, perform activities and generate various reports. The additional security layer, 2-Factor Aadhaar-based authentication, is being compulsorily implemented for all password-based users logging into the CRA system, effective from 1st April 2024 as communicated vide our earlier Circular dt 20th Feb 2024.
2. Benefits of 2-Factor Authentication:
i. Increased Security: The two-factor approach significantly reduces the risk of unauthorized access to the CRA system.
ii. Enhanced Protection: This additional layer safeguards NPS transactions and protects the interests of both subscribers and stakeholders.
3. Additional Security Feature:
Currently, Nodal Offices under Central and State Governments, including their underlying Autonomous bodies, use a password-based login to access the CRA for NPS transactions. To bolster security features and protect the interests of Subscribers and Stakeholders, it has been decided to introduce additional security features through Aadhaar-based authentication for login to the CRA system. This Aadhaar-based login authentication will be integrated with the current User ID and Password-based login process, enabling 2-Factor Authentication for accessing the CRA system.
4. Aadhaar Mapping:
User IDs of Nodal offices under the Government Sector (Central/State/CAB/SAB) shall be permitted to login to the CRA system (CRA & NPSCAN) using 2-Factor Authentication through Aadhaar OTP (One-time password). The Oversight office (PrAO/DTA) must initially link their Aadhaar with their respective CRA User ID, enabling underlying users to initiate Aadhaar Mapping. Similarly, PAO/DTO must link their Aadhaar with their respective CRA User ID, allowing underlying DDOs to initiate Aadhaar linking.
5. Performance of NPS Activities:
All offices under the Government Sector and Autonomous Bodies are required to implement the necessary framework for the additional feature of Aadhaar-based login and authentication in the CRA system to carry out all NPS related activities.
6. Standard Operating Process:
The attached document outlines the process for Nodal offices attached with Protean CRA to link their Aadhaar and proceed with functional activities using the CRA system and covers the following points:
i. One-time registration of Aadhaar number against Nodal Office User ID
ii. Authentication of Aadhaar Mapping to Nodal Office User ID
iii. Status view for Aadhaar Mapping
iv. Procedure for regular (Aadhaar-based) access to CRA system
Government and Corporate Nodal Offices, along with Autonomous Bodies, are requested to implement the necessary framework for the new Aadhaar-based login and authentication and ensure seamless execution of all NPS-related activities.
Yours sincerely,
Digitally signed by
K MOHAN GANDHI
Chief General Manager
Source: PFRDA